CVE-2025-39929

Опубликовано: 04 окт. 2025

Источник: redhat

CVSS3: 5.5

EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path During tests of another unrelated patch I was able to trigger this error: Objects remaining on __kmem_cache_shutdown()

A flaw was found in the Linux kernel's Server Message Block (SMB) client. This vulnerability involves a memory leak that occurs during error handling in the smbd_negotiate() function. A local attacker could exploit this flaw to exhaust system resources, leading to a Denial of Service (DoS).

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 10	kernel	Fix deferred
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise Linux 8	kernel	Fix deferred
Red Hat Enterprise Linux 8	kernel-rt	Fix deferred
Red Hat Enterprise Linux 9	kernel	Fix deferred
Red Hat Enterprise Linux 9	kernel-rt	Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-772

https://bugzilla.redhat.com/show_bug.cgi?id=2401419kernel: Linux kernel: Denial of Service due to memory leak in SMB client

EPSS

Процентиль: 6%

0.00021

Низкий

5.5 Medium

CVSS3

Связанные уязвимости

CVE-2025-39929

CVSS3: 5.5

ubuntu

6 месяцев назад

CVE-2025-39929

CVSS3: 5.5

nvd

6 месяцев назад

CVE-2025-39929

CVSS3: 5.5

msrc

6 месяцев назад

smb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path

CVE-2025-39929

CVSS3: 5.5

debian

6 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: s ...

GHSA-xq93-xr8g-2h7w

CVSS3: 5.5

github

6 месяцев назад

EPSS

Процентиль: 6%

0.00021

Низкий

5.5 Medium

CVSS3